CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95957 matches found

CVE•added 2024/07/21 7:5 a.m.•43 views

CVE-2024-37536

CVE-2024-37536 is a stored XSS vulnerability in the WordPress plugin Easy Custom Code (Live editing) affecting 1.0.8 and earlier. Exploitation involves the plugin’s Live editing feature, allowing stored XSS without relying on external vectors; remediation is to update to a version later than 1.0....

5.9CVSS5.9AI score0.00102EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/07/21 7:5 a.m.•13 views

CVE-2024-37536 WordPress Easy Custom Code (LESS/CSS/JS) Plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Web357 Easy Custom Code LESS/CSS/JS – Live editing allows Stored XSS.This issue affects Easy Custom Code LESS/CSS/JS – Live editing: from n/a through 1.0.8...

5.9CVSS6.9AI score0.00102EPSS

Exploits0References1

Positive Technologies•added 2024/07/21 12:0 a.m.•1 views

PT-2024-27634 · Web357 · Web357 Easy Custom Code

Name of the Vulnerable Software and Affected Versions: Web357 Easy Custom Code LESS/CSS/JS – Live editing versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...

5.9CVSS6.1AI score0.00102EPSS

Exploits0References5

Patchstack•added 2024/07/05 12:0 a.m.•7 views

WordPress Easy Custom Code (LESS/CSS/JS) – Live editing Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Easy Custom Code LESS/CSS/JS – Live editing Type Plugin Vulnerable versions = 1.0.8 Fixed in 1.0.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37536 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9a38a57946fb Credits Cronus...

5.9CVSS7AI score0.00102EPSS

Exploits0References2Affected Software1

0day.today•added 2024/05/13 12:0 a.m.•142 views

Leafpub 1.1.9 - Stored XSS Vulnerability

Leafpub 1.1.9 - Stored Cross-Site Scripting XSS Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address: http://localhost/leafpub/admin/login...

7.4AI score

Exploits0

MSRC•added 2023/08/04 7:0 a.m.•16 views

Microsoft mitigates Power Platform Custom Code information disclosure vulnerability

Summary On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure CVD of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has been fully addressed for all...

7.5AI score

Exploits0

Veracode•added 2023/08/02 6:30 a.m.•20 views

Arbitrary Code Injection

org.apache.nifi: is vulnerable to Arbitrary Code Injection. The vulnerability exists in several functions which allows an authenticated attacker to submit a malicious request to configure a location that enables custom code execution...

8.8CVSS7AI score0.01177EPSS

Exploits0References6Affected Software9

Github Security Blog•added 2023/07/29 9:30 a.m.•23 views

Apache NiFi Code Injection vulnerability

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

8.8CVSS8.7AI score0.01177EPSS

Exploits0References8Affected Software8

OSV•added 2023/07/29 8:15 a.m.•17 views

CVE-2023-36542

8.8CVSS8.7AI score0.01177EPSS

Exploits0References4

NVD•added 2023/07/29 8:15 a.m.•19 views

CVE-2023-36542

8.8CVSS8.8AI score0.01177EPSS

Exploits0References4

Prion•added 2023/07/29 8:15 a.m.•17 views

Design/Logic Flaw

6.5CVSS8.8AI score0.01177EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2023/07/29 7:12 a.m.•16 views

CVE-2023-36542 Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources

8.8AI score0.01177EPSS

Exploits0References4

OSV•added 2023/06/12 6:30 p.m.•22 views

GHSA-XM2M-2Q6H-22JW Apache NiFi vulnerable to Code Injection

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

8.8CVSS8.5AI score0.78065EPSS

Exploits8References11

Github Security Blog•added 2023/06/12 6:30 p.m.•36 views

Apache NiFi vulnerable to Code Injection

8.8CVSS8.5AI score0.78065EPSS

Exploits8References11Affected Software3

NVD•added 2023/06/12 4:15 p.m.•27 views

CVE-2023-34468

8.8CVSS8.7AI score0.78065EPSS

Exploits8References5

OSV•added 2023/06/12 4:15 p.m.•28 views

CVE-2023-34468

8.8CVSS8.5AI score0.78065EPSS

Exploits8References5

Prion•added 2023/06/12 4:15 p.m.•23 views

Design/Logic Flaw

6.5CVSS8.5AI score0.78065EPSS

Exploits8References5Affected Software1

Cvelist•added 2023/06/12 3:9 p.m.•27 views

CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2

8.9AI score0.78065EPSS

Exploits8References5

Vulnrichment•added 2023/06/12 3:9 p.m.•19 views

CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2

8.6AI score0.78065EPSS

Exploits8References5

OSV•added 2023/05/08 1:15 a.m.•1 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

9.8CVSS7.3AI score0.10713EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by